Re: [PATCH] lib/crypto: aesgcm: Don't disable IRQs during AES block encryption

Next message: Lukas Wunner: "Re: Bug#1131025: [6.12.y regression] Regression with 58130e7ce6cb (&quot;PCI/ERR: Ensure error recoverability at all times&quot;): echo vfio-pci &gt;driver_override does not work for DVB Adapter"
Previous message: Jacob Keller: "Re: [PATCH net-next V9 02/14] devlink: Add helpers to lock nested-in instances"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Wed Apr 01 2026 - 16:18:57 EST

On Tue, Mar 31, 2026 at 01:55:11PM -0700, Eric Biggers wrote:
> > AIUI, if we drop the IRQ dis/enable from this code, the generic path
> > will be taken during early boot, but later invocations will use the
> > accelerated implementations once they become available, right?
>
> Yes, that's correct. The optimized code gets enabled by a
> subsys_initcall.

Also just to clarify, once the optimized crypto library code has been
enabled by the initcalls, it applies to all later function calls. So
the library (e.g. the aesgcm_*() functions) doesn't have the problem
that the traditional crypto API (e.g. crypto_aead) has where unoptimized
code may continue to be used for an arbitrarily long time.

Anyway, I'll plan to apply this patch. But it would be interesting to
hear from the x86 and SEV folks whether there is interest in making the
early AES-GCM operations in snp_secure_tsc_prepare() use the AES-NI and
PCLMULQDQ optimized code for better performance and side-channel
resistance.

- Eric